SMB Zero-Day affects Windows 8, 10 and Server

A new vulnerability in the SMB protocol may be exploited to inject and execute malicious code on Windows computers. SMB is a protocol widely used to connect Windows clients and servers.

The bug affects several Windows OS versions, including Windows 10, 8.1, Server 2012, and Server 2016. It was discovered by researcher Laurent Gaffie.

"This bug can be used to trigger a reboot on a given target, it can be either local (via netbios, llmnr poisoning) or remote via a UNC link (example: adding an image with a link: \\attacker.com\file.jpg in an email)," Gaffie said. "It's important to note that this trivial bug should have been caught immediately by their SDLC process, but surprisingly it was not. This means that the new code base was simply not audited or fuzzed before shipping it on their latest operating systems."

Microsoft is aware of the issue and considers the vulnerability a low-risk, remotely triggered denial-of-service bug. No patches are currently available, but mitigations include blocking outbound SMB connections (TCP ports 139 and 445 and UDP ports 137 and 138) from the local network to the wide-area network.
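
To confirm that the egress block is in effect, firewall or flow logs can be checked for SMB/NetBIOS traffic that still leaves the local network. The script below is an added example, not part of the original article; the log format and sample records are constructed, and treating RFC 1918 space as "the local network" is an assumption to adjust per site.

```python
import ipaddress
from collections import defaultdict

# Ports named in the mitigation: TCP 139/445 and UDP 137/138.
SMB_EGRESS_PORTS = {("tcp", 139), ("tcp", 445), ("udp", 137), ("udp", 138)}

# Assumption: the local network is RFC 1918 space; adjust to your site.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample flow records: time src dst proto dport action
SAMPLE_FLOWS = """\
2017-02-03T10:00:01Z 10.1.4.22 10.1.0.5 tcp 445 allow
2017-02-03T10:00:07Z 10.1.4.22 203.0.113.50 tcp 445 allow
2017-02-03T10:00:09Z 10.1.4.31 198.51.100.7 udp 137 deny
2017-02-03T10:01:12Z 192.168.8.14 203.0.113.50 tcp 139 allow
2017-02-03T10:01:40Z 10.1.4.22 203.0.113.50 tcp 443 allow
2017-02-03T10:02:02Z 203.0.113.50 10.1.4.22 tcp 445 deny
malformed line
"""

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def parse_flow(line):
    """Parse one record; return None if the field count or a value is invalid."""
    try:
        _ts, src, dst, proto, dport, action = line.split()
        return (ipaddress.ip_address(src), ipaddress.ip_address(dst),
                proto.lower(), int(dport), action.lower())
    except ValueError:
        return None

def audit_smb_egress(text):
    """Report local -> WAN SMB/NetBIOS flows that were allowed or blocked."""
    leaked, blocked, skipped = defaultdict(list), 0, 0
    for line in filter(str.strip, text.splitlines()):
        flow = parse_flow(line)
        if flow is None:
            skipped += 1          # count unparsable lines instead of hiding them
            continue
        src, dst, proto, dport, action = flow
        if (proto, dport) not in SMB_EGRESS_PORTS:
            continue
        if not is_internal(src) or is_internal(dst):
            continue              # only local network -> wide-area network
        if action == "allow":
            leaked[str(src)].append((str(dst), proto, dport))
        else:
            blocked += 1
    return {"leaked": dict(leaked), "blocked": blocked, "skipped": skipped}

if __name__ == "__main__":
    print(audit_smb_egress(SAMPLE_FLOWS))
```

Any host listed under `leaked` reached an external address on one of the four ports, which means the outbound block is missing or bypassed on that path.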